Back to blog

Will GDPR change how we migrate?

Jun 15, 2016 by Romulo Melillo

Unstructured data in Public folders creates risk
In a recent blog we looked at the impact of pending General Data Protection Regulation (GDPR) on organizations trading in the EU. As businesses formalize and refine their existing processes, experts suggest that having mandatory controls will trigger a rise in security breach notifications, and that consumers will demand more action to protect their data.

This is hardly surprising. One of the main planks of the new legislation is the ‘right to be forgotten’. This is a new right that allows individuals to request that any data, whether held by financial service providers, previous employers, social media platforms or others which is being held without legitimate grounds, is deleted. As this commentator notes, “Now the rules are set, we will start to see companies investing in technologies to allow more granular management of data sets consistent with these rights.”

How can you delete information if you aren’t sure you’ve actually got it? On the one hand GDPR is going to boost privacy for individuals. On the other it is – if the spirit is followed – going to help organizations safeguard themselves. It’s not just about protecting yourself from punitive fines; it’s about helping your business function more securely and safely. As a result, GDPR should be a major consideration when planning corporate migrations.

The trouble is that this critical, sensitive data can be lurking everywhere, and among the biggest issues faced by compliance managers are good ol’ Exchange Public folders. That’s because the data they contain is unstructured and uncontrolled, and it’s impossible to tell what really matters. Getting that data back under control by including Public folders in your migration project makes sense.

[vc_row_inner][vc_column_inner width=”1/4″][/vc_column_inner][vc_column_inner width=”3/4″]Migrating off Public folders helps data security
As GDPR looms we have a golden opportunity to identify and deal with Public folder data. Microsoft itself has been encouraging customers to move to remove their reliance on Public folders for a number of years, and turned off its own in 2014.

So where should the important stuff now reside? SharePoint has been around for a while as an option, but it lacks functionality compared with Public folders. A more obvious solution these days is to move Public folders into Office 365, but there are strict limits on quantity and size of Public folders that will be accepted.

The answer does, however lie with the cloud – specifically Office 365 Groups. They closely match Public folder functionality and have many useful enhanced capabilities. They’re ideal because everything is maintained in a reliable, stable environment with a common portal and clear audit trail for administrators to follow. That’s why moving to Office 365 Groups can boost data security.[/vc_column_inner][/vc_row_inner]Why you shouldn’t just migrate everything from Exchange Public folders
The big challenge is that the data you probably have in your Public folders isn’t just  massive, it’s all lumped together as an unprioritized muddle. That data’s probably built up over many years, with many users (plenty of whom have probably moved on) accessing the shares.

Even if you were to try migrating the lot, you’d still struggle with how to use that data, how to find the right information when you needed it, and how to demonstrate compliance with how you were managing sensitive data. What’s more, you’ll find yourself paying well over the odds to store vast amounts of data that you don’t actually need any more.

So you’ll need to do something to retain the value inherent in the data, while rationalizing it and stripping out the stuff that’s not needed. In theory, you can determine a set of rules and then comb through everything bit by bit, intervening manually to prepare important information for migration, reconciling it with the right users, and restructuring it in a way that will make things work logically in future.

In practice, that’s not really a solution that’s going to work for any but the smallest enterprises.

How automated discovery and processing can help
At Quadrotech we’ve seen Public folder problems arising more and more among clients as they migrate to Office 365. We’ve already developed sophisticated algorithms that discover, sort, prioritize and migrate difficult-to-locate offline personal folder (PST) files, for example, and it seemed sensible to see if similar principles could be applied to Public folders.

What we came up with was a system called ADAM – Advanced Data Analytics and Migration – which can determine not only what data exists, but what is valuable and should be migrated into Office 365 Groups. It uses deep analytics technology to drive dynamic grouping of items, based on logical splits between subfolders in the Public folder hierarchy.

These splits are determined by things like permission sets and common folder properties. Criteria like size, age, content type, and ownership are compared so that some objects can be categorized as obsolete and recommended for deletion. Public folders that have been recently accessed by multiple users would be moved to an Office 365 Group.

Besides automatically provisioning Office 365 Groups and shared mailboxes, ADAM rehydrates shortcuts from archiving systems such as Veritas Enterprise Vault, and provides full item-by-item auditing. It can migrate Public folders and shared mailboxes from Exchange 2007, 2010, 2013, 2016 and Exchange Online, and is also able to export Public folder data to PST files, ready for archiving.

Get control back over your Public folder data
If you’re planning a migration project, get ADAM to evaluate what you have in your Public folders.

By automating the discovery, categorization and migration process you can ultimately prevent your Public folders from compromising GDPR compliance, and important and sensitive data will be demonstrably secure and discoverable.